Top answers

Using Windows Authentication with WSUS on Server 2008

Question

On a Windows Server 2008 Standard OS, I would like to implement WSUS for a small organization, using the simplest possible configuration for WSUS. While looking at the procedure for installation of the service, I saw that one of the Roles for the server would be IIS with a security service for "Windows Authentication". The description of this service in Server Manager includes the following sentence: "This authentication scheme allows administrators in a Windows domain to take advantage of the domain infrastructure for authenticating users."

My question, therefore, is whether having a Windows domain is required for implementing WSUS or can it be implemented in a workgroup-only environment? I can add that in this particular situation there would be no authentication of users needing to occur in any case because only the administrator himself would be making use of the service on these machines.

Also, would WSUS also work for systems installed in virtual machines? Thank you.

In reading the article referenced by you, I see this part of it near the end:

"Any computer that runs the WSUS Administration Console must also have all of the following software installed:

At least The Microsoft .NET Framework 2.0

At least Microsoft Management Console 3.0

At least Microsoft Report Viewer Redistributable 2008

The computer that runs the WSUS Administration Console must be in the same Active Directory domain as the WSUS server, or it must have a trust relationship with the Active Directory domain of the WSUS server."

Therefore, I would infer that, at the very least, unless I intend to utilize the Administration Console solely on the WSUS server machine itself, I would need to use it in a Windows domain setting. In other words, I could not use a different Workgroup machine, one running Windows 7 for example, for the Administration Console. Would you not agree with this statement?

Therefore, I would infer that, at the very least, unless I intend to utilize the Administration Console solely on the WSUS server machine itself, I would need to use it in a Windows domain setting.

That is the intended inference; however, there are two alternatives to domain membership that will work.

The first is to use Remote Desktop to connect to the WSUS server and run the console locally via the RDC.

In other words, I could not use a different Workgroup machine, one running Windows 7 for example, for the Administration Console.

The second one is how to actually use this scenario. Generally not recommended because it introduces some security 'holes' in the environment, but it does work essentially using the principles of peer-to-peer workgroup file sharing that date back to the days of Win v3: If you configure an account with the same name on both systems and set the passwords to be identical, the non-domain system will authenticate the connection as a local authentication.

One step up from that, in Windows 7 you can use Control Panel | User Accounts to define a stored credential for the WSUS server connection, and the WSUS server will also authenticate that connection.